skills/roin-orca/skills/test-xss/Gen Agent Trust Hub

test-xss

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill body consists entirely of Cross-Site Scripting (XSS) payloads targeting the markdown rendering environment.
    - Evidence: Use of HTML tags with event handlers to trigger script execution, including: <img onerror=...>, <svg onload=...>, <details ontoggle=...>, <body onload=...>, and <marquee onstart=...>.
    - Evidence: Inclusion of an <iframe> with a srcdoc attribute containing a script block.
    - Evidence: Markdown and HTML links utilizing the javascript: URI scheme to execute code upon interaction.
    - Evidence: CSS-based execution attempt using the style attribute with a background:url('javascript:...') pattern.
    - Intent: These patterns are malicious attempts to bypass safety filters and execute code in the user's browser context, which could be used for session hijacking or data theft.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 6, 2026, 12:23 AM